aibom
Safeguard articles tagged "aibom" — guides, analysis, and best practices for software supply chain and application security.
22 articles
AI Agents and Supply Chain Security FAQ: 2026 Answers
Answers on where AI agents meet software supply chain security — the dependencies agents pull in, hallucinated packages, MCP servers as components, AIBOMs, and how Safeguard keeps the agentic supply chain governed.
How to Create an AIBOM for Your AI Models
Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.
What Is an AIBOM (AI Bill of Materials)? A 2026 Primer
An SBOM tells you what code you ship. An AIBOM answers the question that has no good answer today: what models, datasets, and prompts is our AI actually built on — and where did they come from?
Best AI Code Security Tools in 2026: An Honest Buyer's Guide
A balanced 2026 comparison of tools for securing AI-generated code and AI-native applications — Semgrep, CodeQL with Copilot Autofix, Snyk, Socket, Endor Labs, and model-layer tools — with an honest look at where Safeguard fits.
AIBOM (AI Bill of Materials): Frequently Asked Questions
A practical FAQ on AI bills of materials in 2026 — what an AIBOM captures, how it extends SBOMs to models and datasets, model provenance risks, formats, and governance drivers.
Best SBOM Tools in 2026: Generation, Management, and Compliance Compared
An honest guide to the best SBOM tools in 2026 — from open-source generators like Syft and Trivy to full SBOM management and AIBOM platforms — with clear guidance on which to use for generation, analysis, and compliance.
Patch the Planet: What AI-Generated Fixes Actually Mean for Open-Source Maintainers
OpenAI's Patch the Planet, co-founded with Trail of Bits, wants to move widely-used open-source projects from findings to fixes. The ambition is right — but it shifts the bottleneck to maintainer review, patch provenance, and the trust of machine-authored code.
AIBOM in 2026: Treating AI Models as a Software Supply Chain
The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.
Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared
An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.
Best LLM Security Tools in 2026: Guardrails, Red Teaming, and Runtime Defense Compared
An honest guide to the best LLM security tools in 2026 — from open-source guardrails and red-teaming scanners like NeMo Guardrails, garak, and LLM Guard to runtime APIs and full AI security platforms — with clear guidance on which job each one actually does.
How to Audit the Dependencies of an AI Agent
An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.
Best AI Security Tools in 2026: Guardrails, Red Teaming, and Agentic AI Security Compared
An honest guide to the best AI security tools in 2026 — red-teaming and testing tools, runtime guardrails for prompt injection, agentic AI and MCP security, and the AI supply chain layer (AIBOM) — with a clear best-for line for each.